How to remove Win32/Olmarik.TDL4 trojan [Solved]


  • This topic is locked

#1
play4fun

    New Member

  • 9 posts
Hi

I'm infected with Win32/Olmarik.TDL4 trojan. ESET found it and can't remove it. I also ran Malwarebytes and it didn't find anything. Any help would be appreciated. My OTL log file is below.


OTL logfile created on: 5/9/2012 2:06:09 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\DJ\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 53.67% Memory free
6.50 Gb Paging File | 4.86 Gb Available in Paging File | 74.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.07 Gb Total Space | 558.96 Gb Free Space | 93.77% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 18.39 Gb Free Space | 7.90% Space Free | Partition Type: NTFS

Computer Name: DJ-PC | User Name: DJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/09 14:03:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
PRC - [2012/05/05 01:29:04 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/02/29 15:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 15:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/06 15:56:10 | 002,745,870 | ---- | M] () -- C:\Program Files\Tor\tor.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/05/05 02:29:04 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 18:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/06 15:56:10 | 002,745,870 | ---- | M] () [Auto | Running] -- C:\Program Files\Tor\tor.exe -- (tor)
SRV - [2011/12/12 21:35:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - [2012/02/29 18:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/06 23:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 7B 86 17 17 B8 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/05/07 16:07:00 | 000,000,000 | ---D | M]

[2012/04/24 20:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DJ\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AF2AD93-72EE-4D17-87A3-2AB12A12051C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 14:03:05 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
[2012/05/07 23:45:05 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\ConvertXToDVD
[2012/05/07 18:27:57 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/05/07 16:51:15 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\ESET
[2012/05/07 16:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/05/07 16:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/05/07 16:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/07 00:50:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/06 20:28:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/06 17:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/04 15:37:21 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Badaboom
[2012/05/04 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Badaboom
[2012/05/04 15:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Badaboom
[2012/04/25 16:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/04/25 15:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/25 15:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/04/25 11:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/04/25 00:48:16 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\eSupport.com
[2012/04/24 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\RegSERVO
[2012/04/24 21:25:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/24 12:04:12 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\PC Cleaners
[2012/04/24 12:04:04 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\PCPro
[2012/04/24 12:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/04/24 11:22:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/21 23:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/04/21 23:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/04/20 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\Amazon MP3
[2012/04/20 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Amazon
[2012/04/20 20:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/04/20 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/04/20 00:40:00 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Mozilla
[2011/12/20 23:02:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\DJ\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/05/09 14:03:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
[2012/05/09 13:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/09 09:52:48 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 09:52:48 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 09:49:53 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/09 09:49:53 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/09 09:45:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/09 09:44:57 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/09 01:17:40 | 000,001,057 | ---- | M] () -- C:\Users\DJ\AppData\Roaming\vso_ts_preview.xml
[2012/05/07 17:51:48 | 282,454,955 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/04 15:36:20 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Badaboom.lnk
[2012/04/29 01:09:51 | 000,001,190 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml
[2012/04/28 14:43:55 | 000,000,086 | ---- | M] () -- C:\Users\DJ\AppData\Roaming\netstat.bat
[2012/04/25 15:54:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/25 15:24:31 | 000,002,045 | ---- | M] () -- C:\Users\DJ\Desktop\HijackThis.lnk
[2012/04/24 21:45:20 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2012/04/22 20:04:41 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/04/21 23:58:54 | 000,025,306 | ---- | M] () -- C:\Users\DJ\Documents\DJ-PC.speccy
[2012/04/21 23:41:37 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/04/20 20:14:44 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/04/18 19:46:31 | 000,000,166 | ---- | M] () -- C:\Users\DJ\AppData\Roaming\default.rss

========== Files Created - No Company Name ==========

[2012/05/06 17:01:13 | 000,002,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/05/04 15:36:20 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Badaboom.lnk
[2012/04/29 01:09:51 | 000,001,190 | ---- | C] () -- C:\Windows\System32\ServiceConfig.xml
[2012/04/28 14:43:55 | 000,000,086 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\netstat.bat
[2012/04/25 15:24:31 | 000,002,045 | ---- | C] () -- C:\Users\DJ\Desktop\HijackThis.lnk
[2012/04/24 21:45:20 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RegSERVO.job
[2012/04/24 20:53:12 | 282,454,955 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/21 23:58:53 | 000,025,306 | ---- | C] () -- C:\Users\DJ\Documents\DJ-PC.speccy
[2012/04/21 23:41:37 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/04/20 20:14:44 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/01/01 00:00:38 | 000,000,000 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\downloads.m3u
[2011/12/31 21:44:51 | 000,000,166 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\default.rss
[2011/12/20 23:04:16 | 000,001,057 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\vso_ts_preview.xml
[2011/12/20 23:02:31 | 000,087,608 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\inst.exe
[2011/12/20 23:02:31 | 000,007,887 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\pcouffin.cat
[2011/12/20 23:02:31 | 000,001,144 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\pcouffin.inf
[2011/12/11 19:43:01 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/12/11 19:43:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/12/11 19:42:59 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/11 19:42:59 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/12/11 19:42:59 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

========== LOP Check ==========

[2012/04/20 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Amazon
[2012/02/22 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Big Finish
[2012/02/21 19:54:16 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\bigwig_media
[2012/03/12 15:27:09 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\GameHouse
[2011/12/11 13:41:53 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\ID Vault
[2011/12/11 18:20:21 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\KC Softwares
[2012/03/02 15:47:45 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Oberon Media
[2012/04/24 12:04:12 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\PC Cleaners
[2012/04/24 12:04:13 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\PCPro
[2012/01/16 02:15:38 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Registry Mechanic
[2012/01/16 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Sammsoft
[2012/02/24 21:11:57 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\SpinTop Games
[2012/01/12 20:09:10 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Stereoscopic Player
[2012/05/08 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Vso
[2012/04/24 21:45:20 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\RegSERVO.job
[2012/04/22 20:04:41 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/05/04 12:54:24 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:D853F961
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:61FB58C9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BB8B6B1E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >

#2
Essexboy

    GeekU Moderator

  • 63,991 posts
Hi there, I will need to determine which variant you have.

Download aswMBR.exe (4.8 MB) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#3
play4fun

    New Member

  • 9 posts
Hi, and thanks for your reply and assistance in this matter. Here is the log file you requested.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 14:55:42
-----------------------------
14:55:42.964 OS Version: Windows 6.1.7601 Service Pack 1
14:55:42.964 Number of processors: 2 586 0x170A
14:55:42.964 ComputerName: DJ-PC UserName: DJ
14:55:43.994 Initialize success
14:58:12.753 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:58:12.768 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610479MB BusType: 3
14:58:12.768 Disk 0 MBR read successfully
14:58:12.768 Disk 0 MBR scan
14:58:12.768 Disk 0 Windows 7 default MBR code
14:58:12.768 Disk 0 MBR hidden
14:58:12.784 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610377 MB offset 206848
14:58:12.784 Disk 0 scanning sectors +1250258944
14:58:12.846 Disk 0 scanning C:\Windows\system32\drivers
14:58:17.168 Service scanning
14:58:26.340 Modules scanning
14:58:42.159 Disk 0 trace - called modules:
14:58:42.174 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86dad4b1]<<
14:58:42.174 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86749030]
14:58:42.174 3 CLASSPNP.SYS[8bf9259e] -> nt!IofCallDriver -> [0x8626c898]
14:58:42.174 5 ACPI.sys[836c13d4] -> nt!IofCallDriver -> \IdeDeviceP2T0L0-2[0x862c5908]
14:58:42.190 \Driver\atapi[0x86da7250] -> IRP_MJ_CREATE -> 0x86dad4b1
14:58:42.190 Scan finished successfully
14:59:08.040 Disk 0 MBR has been saved successfully to "C:\Users\DJ\Desktop\MBR.dat"
14:59:08.040 The log file has been saved successfully to "C:\Users\DJ\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • 63,991 posts
OK, I think I know the variant now.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

#5
play4fun

    New Member

  • 9 posts
Hi, here is the report log you asked for.


15:44:00.0617 4992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:44:00.0648 4992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:44:00.0648 4992 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:44:00.0679 4992 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:44:00.0679 4992 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:44:00.0679 4992 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
15:44:01.0647 4992 \Device\Harddisk1\DR1 - ok
15:44:01.0678 4992 Boot (0x1200) (43792a7a5b0c85024e7ca690352b5314) \Device\Harddisk0\DR0\Partition0
15:44:01.0678 4992 \Device\Harddisk0\DR0\Partition0 - ok
15:44:01.0678 4992 Boot (0x1200) (1c4b92c3e1877be839aa57d2effd8be4) \Device\Harddisk1\DR1\Partition0
15:44:01.0678 4992 \Device\Harddisk1\DR1\Partition0 - ok
15:44:01.0678 4992 ============================================================
15:44:01.0678 4992 Scan finished
15:44:01.0678 4992 ============================================================
15:44:01.0693 4752 Detected object count: 4
15:44:01.0693 4752 Actual detected object count: 4
15:45:59.0988 4752 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:59.0988 4752 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:59.0988 4752 tor ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:59.0988 4752 tor ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:46:00.0004 4752 \Device\Harddisk0\DR0\# - copied to quarantine
15:46:00.0004 4752 \Device\Harddisk0\DR0 - copied to quarantine
15:46:00.0035 4752 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:46:00.0035 4752 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:46:00.0706 4752 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:46:01.0190 4752 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:46:01.0190 4752 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:46:01.0642 4752 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:46:01.0658 4752 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:46:01.0658 4752 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:46:01.0658 4752 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:46:02.0110 4752 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:46:02.0531 4752 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:46:02.0547 4752 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:46:02.0547 4752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:46:02.0547 4752 \Device\Harddisk0\DR0 - ok
15:46:02.0609 4752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:46:02.0609 4752 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:46:02.0609 4752 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:49:03.0008 5436 Deinitialize success

#6
Essexboy

    GeekU Moderator

  • 63,991 posts
Could you now re-run TDSSKiller please and when it reaches this part select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

How is the computer behaving now?

#7
play4fun

    New Member

  • Member
  • 9 posts
Do I change parameters like last time?

#8
play4fun

    New Member

  • Member
  • 9 posts
OK, I reran TDSSKiller and deleted the one you asked me to. Computer seems to be moving along wonderfully. Report log below.


16:44:09.0265 3756 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:44:09.0639 3756 ============================================================
16:44:09.0639 3756 Current date / time: 2012/05/09 16:44:09.0639
16:44:09.0639 3756 SystemInfo:
16:44:09.0639 3756
16:44:09.0639 3756 OS Version: 6.1.7601 ServicePack: 1.0
16:44:09.0639 3756 Product type: Workstation
16:44:09.0639 3756 ComputerName: DJ-PC
16:44:09.0639 3756 UserName: DJ
16:44:09.0639 3756 Windows directory: C:\Windows
16:44:09.0639 3756 System windows directory: C:\Windows
16:44:09.0639 3756 Processor architecture: Intel x86
16:44:09.0639 3756 Number of processors: 2
16:44:09.0639 3756 Page size: 0x1000
16:44:09.0639 3756 Boot type: Normal boot
16:44:09.0639 3756 ============================================================
16:44:10.0559 3756 Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:44:10.0559 3756 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:44:14.0210 3756 ============================================================
16:44:14.0210 3756 \Device\Harddisk0\DR0:
16:44:14.0210 3756 MBR partitions:
16:44:14.0210 3756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A824800
16:44:14.0210 3756 \Device\Harddisk1\DR1:
16:44:14.0210 3756 MBR partitions:
16:44:14.0210 3756 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
16:44:14.0210 3756 ============================================================
16:44:14.0257 3756 C: <-> \Device\Harddisk0\DR0\Partition0
16:44:14.0288 3756 G: <-> \Device\Harddisk1\DR1\Partition0
16:44:14.0288 3756 ============================================================
16:44:14.0288 3756 Initialize success
16:44:14.0288 3756 ============================================================
16:59:18.0710 2912 ============================================================
16:59:18.0710 2912 Scan started
16:59:18.0710 2912 Mode: Manual; SigCheck; TDLFS;
16:59:18.0710 2912 ============================================================
16:59:19.0178 2912 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:59:19.0225 2912 1394ohci - ok
16:59:19.0272 2912 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:59:19.0287 2912 ACPI - ok
16:59:19.0334 2912 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:59:19.0350 2912 AcpiPmi - ok
16:59:19.0443 2912 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:59:19.0459 2912 AdobeFlashPlayerUpdateSvc - ok
16:59:19.0506 2912 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:59:19.0537 2912 adp94xx - ok
16:59:19.0553 2912 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:59:19.0584 2912 adpahci - ok
16:59:19.0599 2912 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:59:19.0599 2912 adpu320 - ok
16:59:19.0631 2912 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:59:19.0677 2912 AeLookupSvc - ok
16:59:19.0740 2912 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:59:19.0771 2912 AFD - ok
16:59:19.0802 2912 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:59:19.0818 2912 agp440 - ok
16:59:19.0849 2912 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:59:19.0865 2912 aic78xx - ok
16:59:19.0896 2912 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:59:19.0943 2912 ALG - ok
16:59:19.0958 2912 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:59:19.0958 2912 aliide - ok
16:59:19.0989 2912 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:59:19.0989 2912 amdagp - ok
16:59:20.0005 2912 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:59:20.0021 2912 amdide - ok
16:59:20.0036 2912 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:59:20.0052 2912 AmdK8 - ok
16:59:20.0067 2912 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:59:20.0099 2912 AmdPPM - ok
16:59:20.0114 2912 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:59:20.0130 2912 amdsata - ok
16:59:20.0161 2912 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:59:20.0161 2912 amdsbs - ok
16:59:20.0192 2912 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:59:20.0192 2912 amdxata - ok
16:59:20.0239 2912 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:59:20.0270 2912 AppID - ok
16:59:20.0301 2912 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:59:20.0333 2912 AppIDSvc - ok
16:59:20.0364 2912 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:59:20.0395 2912 Appinfo - ok
16:59:20.0504 2912 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:59:20.0520 2912 Apple Mobile Device - ok
16:59:20.0567 2912 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:59:20.0582 2912 arc - ok
16:59:20.0582 2912 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:59:20.0598 2912 arcsas - ok
16:59:20.0613 2912 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:59:20.0629 2912 AsyncMac - ok
16:59:20.0660 2912 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:59:20.0660 2912 atapi - ok
16:59:20.0707 2912 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:59:20.0754 2912 AudioEndpointBuilder - ok
16:59:20.0754 2912 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:59:20.0785 2912 Audiosrv - ok
16:59:20.0816 2912 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
16:59:20.0863 2912 AxInstSV - ok
16:59:20.0894 2912 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:59:20.0941 2912 b06bdrv - ok
16:59:20.0972 2912 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:59:21.0003 2912 b57nd60x - ok
16:59:21.0019 2912 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:59:21.0081 2912 BDESVC - ok
16:59:21.0097 2912 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:59:21.0144 2912 Beep - ok
16:59:21.0191 2912 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
16:59:21.0237 2912 BFE - ok
16:59:21.0284 2912 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
16:59:21.0331 2912 BITS - ok
16:59:21.0347 2912 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:59:21.0362 2912 blbdrive - ok
16:59:21.0456 2912 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:59:21.0471 2912 Bonjour Service - ok
16:59:21.0487 2912 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:59:21.0503 2912 bowser - ok
16:59:21.0518 2912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:59:21.0549 2912 BrFiltLo - ok
16:59:21.0565 2912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:59:21.0612 2912 BrFiltUp - ok
16:59:21.0643 2912 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
16:59:21.0690 2912 BridgeMP - ok
16:59:21.0721 2912 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
16:59:21.0752 2912 Browser - ok
16:59:21.0783 2912 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:59:21.0830 2912 Brserid - ok
16:59:21.0846 2912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:59:21.0877 2912 BrSerWdm - ok
16:59:21.0893 2912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:59:21.0924 2912 BrUsbMdm - ok
16:59:21.0924 2912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:59:21.0955 2912 BrUsbSer - ok
16:59:21.0971 2912 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:59:22.0002 2912 BTHMODEM - ok
16:59:22.0049 2912 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:59:22.0080 2912 bthserv - ok
16:59:22.0111 2912 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:59:22.0158 2912 cdfs - ok
16:59:22.0205 2912 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
16:59:22.0220 2912 cdrom - ok
16:59:22.0251 2912 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:59:22.0298 2912 CertPropSvc - ok
16:59:22.0329 2912 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:59:22.0345 2912 circlass - ok
16:59:22.0361 2912 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:59:22.0376 2912 CLFS - ok
16:59:22.0454 2912 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:59:22.0470 2912 clr_optimization_v2.0.50727_32 - ok
16:59:22.0548 2912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:59:22.0563 2912 clr_optimization_v4.0.30319_32 - ok
16:59:22.0579 2912 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:59:22.0595 2912 CmBatt - ok
16:59:22.0610 2912 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
16:59:22.0626 2912 cmdide - ok
16:59:22.0657 2912 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
16:59:22.0673 2912 CNG - ok
16:59:22.0704 2912 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:59:22.0719 2912 Compbatt - ok
16:59:22.0719 2912 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
16:59:22.0751 2912 CompositeBus - ok
16:59:22.0766 2912 COMSysApp - ok
16:59:22.0766 2912 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:59:22.0782 2912 crcdisk - ok
16:59:22.0829 2912 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
16:59:22.0860 2912 CryptSvc - ok
16:59:22.0907 2912 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:59:22.0953 2912 DcomLaunch - ok
16:59:23.0000 2912 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:59:23.0047 2912 defragsvc - ok
16:59:23.0078 2912 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
16:59:23.0125 2912 DfsC - ok
16:59:23.0156 2912 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
16:59:23.0187 2912 Dhcp - ok
16:59:23.0203 2912 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:59:23.0250 2912 discache - ok
16:59:23.0281 2912 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:59:23.0297 2912 Disk - ok
16:59:23.0312 2912 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
16:59:23.0359 2912 Dnscache - ok
16:59:23.0390 2912 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
16:59:23.0437 2912 dot3svc - ok
16:59:23.0453 2912 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
16:59:23.0499 2912 DPS - ok
16:59:23.0531 2912 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:59:23.0546 2912 drmkaud - ok
16:59:23.0609 2912 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
16:59:23.0624 2912 DXGKrnl - ok
16:59:23.0687 2912 eamonm (04238864710460c5682e260207d06192) C:\Windows\system32\DRIVERS\eamonm.sys
16:59:23.0702 2912 eamonm - ok
16:59:23.0733 2912 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:59:23.0765 2912 EapHost - ok
16:59:23.0952 2912 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:59:24.0014 2912 ebdrv - ok
16:59:24.0108 2912 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
16:59:24.0155 2912 EFS - ok
16:59:24.0233 2912 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\Windows\system32\DRIVERS\ehdrv.sys
16:59:24.0233 2912 ehdrv - ok
16:59:24.0295 2912 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
16:59:24.0342 2912 ehRecvr - ok
16:59:24.0373 2912 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:59:24.0404 2912 ehSched - ok
16:59:24.0513 2912 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
16:59:24.0529 2912 ekrn - ok
16:59:24.0638 2912 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:59:24.0669 2912 elxstor - ok
16:59:24.0701 2912 epfwwfpr (f39c91795ebdb9ecbeb5a388ff2841fe) C:\Windows\system32\DRIVERS\epfwwfpr.sys
16:59:24.0716 2912 epfwwfpr - ok
16:59:24.0747 2912 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
16:59:24.0763 2912 ErrDev - ok
16:59:24.0810 2912 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:59:24.0872 2912 EventSystem - ok
16:59:24.0903 2912 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:59:24.0935 2912 exfat - ok
16:59:24.0950 2912 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:59:24.0997 2912 fastfat - ok
16:59:25.0044 2912 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
16:59:25.0091 2912 Fax - ok
16:59:25.0106 2912 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:59:25.0122 2912 fdc - ok
16:59:25.0137 2912 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:59:25.0184 2912 fdPHost - ok
16:59:25.0184 2912 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:59:25.0215 2912 FDResPub - ok
16:59:25.0231 2912 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:59:25.0247 2912 FileInfo - ok
16:59:25.0247 2912 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:59:25.0278 2912 Filetrace - ok
16:59:25.0278 2912 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:59:25.0309 2912 flpydisk - ok
16:59:25.0356 2912 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:59:25.0371 2912 FltMgr - ok
16:59:25.0418 2912 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
16:59:25.0465 2912 FontCache - ok
16:59:25.0527 2912 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:59:25.0543 2912 FontCache3.0.0.0 - ok
16:59:25.0559 2912 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:59:25.0574 2912 FsDepends - ok
16:59:25.0590 2912 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
16:59:25.0605 2912 Fs_Rec - ok
16:59:25.0637 2912 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
16:59:25.0652 2912 fvevol - ok
16:59:25.0668 2912 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:59:25.0699 2912 gagp30kx - ok
16:59:25.0730 2912 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:59:25.0746 2912 GEARAspiWDM - ok
16:59:25.0777 2912 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
16:59:25.0839 2912 gpsvc - ok
16:59:25.0855 2912 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:59:25.0917 2912 hcw85cir - ok
16:59:25.0964 2912 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
16:59:26.0011 2912 HdAudAddService - ok
16:59:26.0058 2912 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
16:59:26.0089 2912 HDAudBus - ok
16:59:26.0105 2912 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:59:26.0136 2912 HidBatt - ok
16:59:26.0167 2912 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:59:26.0198 2912 HidBth - ok
16:59:26.0214 2912 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:59:26.0245 2912 HidIr - ok
16:59:26.0276 2912 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
16:59:26.0307 2912 hidserv - ok
16:59:26.0323 2912 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
16:59:26.0339 2912 HidUsb - ok
16:59:26.0370 2912 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
16:59:26.0385 2912 hkmsvc - ok
16:59:26.0432 2912 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
16:59:26.0479 2912 HomeGroupListener - ok
16:59:26.0495 2912 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
16:59:26.0541 2912 HomeGroupProvider - ok
16:59:26.0573 2912 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
16:59:26.0588 2912 HpSAMD - ok
16:59:26.0635 2912 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
16:59:26.0682 2912 HTTP - ok
16:59:26.0713 2912 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
16:59:26.0713 2912 hwpolicy - ok
16:59:26.0744 2912 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
16:59:26.0760 2912 i8042prt - ok
16:59:26.0791 2912 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
16:59:26.0822 2912 iaStorV - ok
16:59:26.0916 2912 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:59:26.0947 2912 idsvc - ok
16:59:26.0978 2912 IDVaultSvc - ok
16:59:27.0025 2912 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:59:27.0041 2912 iirsp - ok
16:59:27.0072 2912 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
16:59:27.0134 2912 IKEEXT - ok
16:59:27.0321 2912 IntcAzAudAddService (aee99ecf06cd1cea95816ccb5bf73ec8) C:\Windows\system32\drivers\RTKVHDA.sys
16:59:27.0384 2912 IntcAzAudAddService - ok
16:59:27.0509 2912 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
16:59:27.0524 2912 intelide - ok
16:59:27.0555 2912 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:59:27.0571 2912 intelppm - ok
16:59:27.0602 2912 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:59:27.0665 2912 IPBusEnum - ok
16:59:27.0680 2912 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:59:27.0711 2912 IpFilterDriver - ok
16:59:27.0774 2912 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
16:59:27.0821 2912 iphlpsvc - ok
16:59:27.0821 2912 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
16:59:27.0836 2912 IPMIDRV - ok
16:59:27.0867 2912 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:59:27.0899 2912 IPNAT - ok
16:59:28.0008 2912 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:59:28.0023 2912 iPod Service - ok
16:59:28.0039 2912 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:59:28.0070 2912 IRENUM - ok
16:59:28.0086 2912 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
16:59:28.0101 2912 isapnp - ok
16:59:28.0133 2912 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
16:59:28.0148 2912 iScsiPrt - ok
16:59:28.0179 2912 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
16:59:28.0195 2912 kbdclass - ok
16:59:28.0211 2912 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
16:59:28.0242 2912 kbdhid - ok
16:59:28.0273 2912 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:59:28.0273 2912 KeyIso - ok
16:59:28.0289 2912 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
16:59:28.0304 2912 KSecDD - ok
16:59:28.0320 2912 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
16:59:28.0335 2912 KSecPkg - ok
16:59:28.0367 2912 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:59:28.0429 2912 KtmRm - ok
16:59:28.0460 2912 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
16:59:28.0507 2912 LanmanServer - ok
16:59:28.0538 2912 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
16:59:28.0569 2912 LanmanWorkstation - ok
16:59:28.0663 2912 LightScribeService (ac2e68e3421af857b8d438414e7ae31c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:59:28.0679 2912 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:59:28.0679 2912 LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:59:28.0725 2912 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:59:28.0772 2912 lltdio - ok
16:59:28.0803 2912 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:59:28.0850 2912 lltdsvc - ok
16:59:28.0866 2912 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:59:28.0881 2912 lmhosts - ok
16:59:28.0913 2912 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:59:28.0928 2912 LSI_FC - ok
16:59:28.0959 2912 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:59:28.0959 2912 LSI_SAS - ok
16:59:28.0975 2912 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:59:28.0991 2912 LSI_SAS2 - ok
16:59:28.0991 2912 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:59:29.0006 2912 LSI_SCSI - ok
16:59:29.0022 2912 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:59:29.0069 2912 luafv - ok
16:59:29.0100 2912 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
16:59:29.0115 2912 Mcx2Svc - ok
16:59:29.0131 2912 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:59:29.0147 2912 megasas - ok
16:59:29.0162 2912 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:59:29.0178 2912 MegaSR - ok
16:59:29.0193 2912 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:59:29.0240 2912 MMCSS - ok
16:59:29.0256 2912 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:59:29.0287 2912 Modem - ok
16:59:29.0334 2912 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:59:29.0365 2912 monitor - ok
16:59:29.0396 2912 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
16:59:29.0412 2912 mouclass - ok
16:59:29.0427 2912 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:59:29.0443 2912 mouhid - ok
16:59:29.0459 2912 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
16:59:29.0474 2912 mountmgr - ok
16:59:29.0505 2912 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
16:59:29.0505 2912 mpio - ok
16:59:29.0521 2912 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:59:29.0552 2912 mpsdrv - ok
16:59:29.0583 2912 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
16:59:29.0615 2912 MpsSvc - ok
16:59:29.0661 2912 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
16:59:29.0677 2912 MRxDAV - ok
16:59:29.0724 2912 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:59:29.0755 2912 mrxsmb - ok
16:59:29.0771 2912 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:59:29.0786 2912 mrxsmb10 - ok
16:59:29.0802 2912 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:59:29.0817 2912 mrxsmb20 - ok
16:59:29.0817 2912 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
16:59:29.0833 2912 msahci - ok
16:59:29.0849 2912 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
16:59:29.0864 2912 msdsm - ok
16:59:29.0895 2912 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:59:29.0927 2912 MSDTC - ok
16:59:29.0958 2912 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:59:29.0989 2912 Msfs - ok
16:59:29.0989 2912 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:59:30.0036 2912 mshidkmdf - ok
16:59:30.0051 2912 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
16:59:30.0051 2912 msisadrv - ok
16:59:30.0083 2912 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:59:30.0129 2912 MSiSCSI - ok
16:59:30.0129 2912 msiserver - ok
16:59:30.0161 2912 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:59:30.0192 2912 MSKSSRV - ok
16:59:30.0223 2912 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:59:30.0254 2912 MSPCLOCK - ok
16:59:30.0270 2912 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:59:30.0301 2912 MSPQM - ok
16:59:30.0317 2912 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:59:30.0332 2912 MsRPC - ok
16:59:30.0348 2912 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
16:59:30.0348 2912 mssmbios - ok
16:59:30.0363 2912 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:59:30.0379 2912 MSTEE - ok
16:59:30.0379 2912 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:59:30.0410 2912 MTConfig - ok
16:59:30.0441 2912 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:59:30.0457 2912 Mup - ok
16:59:30.0488 2912 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
16:59:30.0504 2912 napagent - ok
16:59:30.0535 2912 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:59:30.0566 2912 NativeWifiP - ok
16:59:30.0629 2912 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
16:59:30.0660 2912 NDIS - ok
16:59:30.0675 2912 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:59:30.0707 2912 NdisCap - ok
16:59:30.0738 2912 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:59:30.0769 2912 NdisTapi - ok
16:59:30.0816 2912 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
16:59:30.0847 2912 Ndisuio - ok
16:59:30.0878 2912 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
16:59:30.0909 2912 NdisWan - ok
16:59:30.0941 2912 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
16:59:30.0956 2912 NDProxy - ok
16:59:31.0050 2912 Nero BackItUp Scheduler 4.0 - ok
16:59:31.0065 2912 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:59:31.0112 2912 NetBIOS - ok
16:59:31.0159 2912 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
16:59:31.0190 2912 NetBT - ok
16:59:31.0221 2912 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:59:31.0237 2912 Netlogon - ok
16:59:31.0284 2912 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:59:31.0331 2912 Netman - ok
16:59:31.0362 2912 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:59:31.0393 2912 netprofm - ok
16:59:40.0145 2912 tor (68ddb53b2f96db98861134604740135e) C:\Program Files\Tor\tor.exe
16:59:40.0223 2912 tor ( UnsignedFile.Multi.Generic ) - warning
16:59:40.0223 2912 tor - detected UnsignedFile.Multi.Generic (1)
16:59:45.0199 2912 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:59:45.0308 2912 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:59:45.0308 2912 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:59:48.0881 2912 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
16:59:49.0848 2912 \Device\Harddisk1\DR1 - ok
16:59:49.0848 2912 Boot (0x1200) (43792a7a5b0c85024e7ca690352b5314) \Device\Harddisk0\DR0\Partition0
16:59:49.0863 2912 \Device\Harddisk0\DR0\Partition0 - ok
16:59:49.0863 2912 Boot (0x1200) (1c4b92c3e1877be839aa57d2effd8be4) \Device\Harddisk1\DR1\Partition0
16:59:49.0863 2912 \Device\Harddisk1\DR1\Partition0 - ok
16:59:49.0863 2912 ============================================================
16:59:49.0863 2912 Scan finished
16:59:49.0863 2912 ============================================================
16:59:49.0879 1188 Detected object count: 3
16:59:49.0879 1188 Actual detected object count: 3
17:01:35.0275 1188 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:35.0275 1188 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:35.0275 1188 tor ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:35.0275 1188 tor ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:35.0322 1188 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:01:35.0322 1188 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:01:35.0837 1188 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:01:36.0211 1188 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:01:36.0211 1188 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:01:36.0570 1188 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:01:36.0586 1188 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:01:36.0586 1188 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:01:36.0601 1188 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:01:37.0022 1188 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:01:37.0381 1188 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:01:37.0381 1188 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:01:37.0381 1188 \Device\Harddisk0\DR0\TDLFS - deleted
17:01:37.0381 1188 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
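An added example, not part of any post in this thread and not one of the tools used in it: a small Python parser for the scan log posted above that pulls out each detection, the action chosen for it and the items copied to quarantine, so they are not lost among the `- ok` lines. The sample lines are copied from that log; the regular expressions and the names `parse_scan_log`, `Finding` and `unresolved` are assumptions inferred from those lines, not from a format specification.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: lines copied from the scan log posted in this thread.
SAMPLE_LOG = r"""
16:59:40.0145 2912 tor (68ddb53b2f96db98861134604740135e) C:\Program Files\Tor\tor.exe
16:59:40.0223 2912 tor ( UnsignedFile.Multi.Generic ) - warning
16:59:40.0223 2912 tor - detected UnsignedFile.Multi.Generic (1)
16:59:45.0199 2912 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:59:45.0308 2912 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:59:45.0308 2912 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:59:48.0881 2912 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
16:59:49.0848 2912 \Device\Harddisk1\DR1 - ok
17:01:35.0275 1188 tor ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:35.0322 1188 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:01:35.0322 1188 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:01:37.0381 1188 \Device\Harddisk0\DR0\TDLFS - deleted
17:01:37.0381 1188 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# "<object> (<md5>) <path>": the object being scanned and its hash.
HASHED = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> - detected <verdict> (<count>)"
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$"
)
QUARANTINED = re.compile(r"^(?P<path>.+?) - copied to quarantine$")


@dataclass
class Finding:
    obj: str                       # service name or device path as logged
    verdict: str                   # verdict string as logged
    md5: Optional[str] = None      # hash logged for the object, if any
    path: Optional[str] = None     # file or device path, if any
    action: Optional[str] = None   # action chosen by the user, if logged
    quarantined: List[str] = field(default_factory=list)


def parse_scan_log(log: str) -> Dict[str, Finding]:
    """Return findings keyed by object name, ignoring '- ok' lines."""
    hashes = {}                    # object name or path -> (md5, path)
    findings: Dict[str, Finding] = {}
    for raw in log.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m.group(1)

        h = HASHED.match(rest)
        if h:
            # Index by name and by path: disk-level detections are reported
            # against the device path, not against the "MBR (0x1B8)" label.
            hashes[h["obj"]] = (h["md5"], h["path"])
            hashes[h["path"]] = (h["md5"], h["path"])
            continue

        d = DETECTED.match(rest)
        if d:
            md5, path = hashes.get(d["obj"], (None, None))
            findings[d["obj"]] = Finding(d["obj"], d["verdict"], md5, path)
            continue

        a = ACTION.match(rest)
        if a and a["obj"] in findings:
            findings[a["obj"]].action = a["action"]
            continue

        q = QUARANTINED.match(rest)
        if q:
            # Attach the quarantined item to the finding that contains it.
            for f in findings.values():
                if q["path"].startswith(f.obj + "\\"):
                    f.quarantined.append(q["path"])
    return findings


def unresolved(findings: Dict[str, Finding]) -> List[str]:
    """Objects that were detected but skipped or never actioned."""
    return [f.obj for f in findings.values() if f.action in (None, "Skip")]


if __name__ == "__main__":
    results = parse_scan_log(SAMPLE_LOG)
    for f in results.values():
        print(f"{f.obj}: {f.verdict} -> {f.action} "
              f"(md5={f.md5}, quarantined={len(f.quarantined)})")
    print("still to review:", unresolved(results))
```
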

#9
Essexboy

  • GeekU Moderator
  • 63,991 posts
Grand, could you confirm that ESET is now happy and there are no untoward problems before I remove my tools?

#10
play4fun

    New Member

  • Member
  • 9 posts
ESET reports no problems. This is a 30 day trial of ESET. Prior to ESET I was using Microsoft Security Essentials, which doesn't hog my resources. Hopefully I can go back to that unless it doesn't work like it's supposed to. I was having problems removing programs and I haven't tried since, but maybe it will work now. I thank you for assisting me with this problem and this site is wonderful. If any of my friends have any problems I will send them here. Once again, thanks.

#11
Essexboy

  • GeekU Moderator
  • 63,991 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide "How did I get infected in the first place?"

Keep safe :wave:

#12
play4fun

    New Member

  • Member
  • 9 posts
Ok, I ran OTL and did the run fix and the cleanup. So the next thing would be to check on the hidden files and then spring clean and then purge? Just wanted to make sure that is next because I don't want to do something to screw this up.

#13
Essexboy

  • GeekU Moderator
  • 63,991 posts
Nope you are on track and good :cool:

#14
play4fun

    New Member

  • Member
  • 9 posts
Ok. I did the spring clean and the hidden file folders and the purge. Downloaded Malwarebytes and FileHippo update checker. I will check and make sure I am good to go on Microsoft Windows Update. Is there anything that I should do?

#15
Essexboy

  • GeekU Moderator
  • 63,991 posts
:) Nope if all is well you are good to go